DevSafe / Docs
Docs CLI devsafe scan

devsafe scan

Discover every git repo on your machine and find out which ones are at risk from cloud sync corruption. Free to use, no account needed.

What it does

devsafe scan walks your filesystem starting from one or more root directories, finds every .git directory, and reports what it finds. For each repo, it checks whether the path falls inside a cloud-synced folder (iCloud Drive, Dropbox, OneDrive, or Google Drive). Repos inside those folders are at risk of .git corruption.

Cloud sync services like iCloud and Dropbox were designed for documents, not git repositories. They can silently corrupt your .git directory through lockfile races, partial pack writes, and ref pointer overwrites. Git's own documentation warns against this. devsafe scan finds the repos you need to worry about.

This command is completely free. It reads your filesystem and prints a report. It does not modify anything, upload anything, or require an account.

Usage

terminal
$ devsafe scan [root...]

If you don't pass any root directories, devsafe scan defaults to ~/Projects. You can pass one or more paths to scan specific locations.

examples
# Scan the default location (~⁄Projects)
$ devsafe scan

# Scan a specific directory
$ devsafe scan ~/Code

# Scan multiple roots at once
$ devsafe scan ~/Projects ~/Code ~/Work

Flags

FlagDefaultDescription
--depth5Maximum directory depth to search. Increase this if your repos are deeply nested.
--jsonoffOutput results as JSON instead of the default table format. Useful for piping into other tools.
--quietoffOnly print repos that have sync risk warnings. Hides safe repos.
--no-coloroffDisable colored output. Automatically set when output is piped.
--ignorenoneSkip directories matching this pattern. Can be used multiple times.

Example output

Here is what a typical scan looks like on a machine with repos in both safe and risky locations.

terminal
$ devsafe scan ~/Projects ~/Documents
scanning ~/Projects...
scanning ~/Documents...

  repo                          path                                         risk
  ─────────────────────────────────────────────────────────────────────────────────
 api-server                  ~/Projects/api-server                        none
 design-system               ~/Projects/design-system                     none
 marketing-site              ~/Projects/marketing-site                    none
 client-app                  ~/Documents/client-app                       iCloud
 freelance-project           ~/Dropbox/code/freelance-project              Dropbox
 old-prototype               ~/OneDrive/dev/old-prototype                 OneDrive

  found 6 repos (3 safe, 3 at risk)

  warning: 3 repos are inside cloud-synced folders.
  Cloud sync services can corrupt .git directories through lockfile
  races, partial pack writes, and ref pointer overwrites.
  Run "devsafe backup" to protect them.

How sync risk is detected

DevSafe checks whether each repo's path falls inside any of these known cloud sync directories:

If a repo is inside one of these folders, its .git directory is being synced by a service that was never designed for git's internal file structure. This is the single most common cause of silent git corruption on developer machines.

JSON output

Use the --json flag to get machine-readable output. This is useful for scripting or feeding results into other tools.

terminal
$ devsafe scan --json --quiet
[
  {
    "name": "client-app",
    "path": "/Users/you/Documents/client-app",
    "risk": "iCloud",
    "branches": 4,
    "last_commit": "2026-06-28T14:23:08Z"
  }
]

devsafe scan tells you where your repos are and which ones are at risk. For a complete picture, pair it with these commands:

No account required

devsafe scan, devsafe diagnose, and devsafe health are all free and work without any account or login. They only read your filesystem and never send data anywhere.

Install

If you haven't installed DevSafe yet, grab it with Homebrew.

macos · homebrew
$ brew install hxalabs/tap/devsafe

Then run devsafe scan to see what you're working with. No setup, no config, no account. Just answers.